SUNNYVALE, California: Cyber espionage groups aligned with China have ramped up targeted attacks on Taiwan's semiconductor sector and industry analysts, according to new research released by cybersecurity firm Proofpoint.
The analysis outlines an uptick in hacking campaigns between March and June, with activity from at least three China-linked groups, some of which remains ongoing. The intrusions are part of a broader effort to gather intelligence on Taiwan's chip industry as tensions rise over U.S. export controls and China's efforts to develop domestic semiconductor alternatives.
"We've seen entities that we hadn't ever seen being targeted in the past being targeted," said Mark Kelly, a threat researcher at Proofpoint, based out of Sunnyvale, California.
The campaigns have focused on 15 to 20 organizations, including small companies, global enterprises, and investment analysts, some working at a central U.S.-headquartered bank. The researchers declined to name the specific targets or confirm whether any attempts were successful.
Hackers used varied techniques. In one case, attackers used compromised Taiwanese university email accounts to pose as job seekers, sending malicious PDFs or password-protected files to employees at semiconductor design and manufacturing firms. Another group posed as a fake investment firm targeting analysts focused on Taiwan's chip market.
Proofpoint did not specify the companies affected, but Taiwan is home to major chipmakers including TSMC, MediaTek, UMC, Nanya, and RealTek. Most firms declined to comment or did not respond.
A spokesperson for the Chinese embassy in Washington said China opposes all forms of cybercrime and is also a victim of such threats.
Taiwanese cybersecurity firm TeamT5 confirmed an increase in email-based attacks but noted they weren't yet widespread. It emphasized that semiconductors have long been a "constant interest" for advanced China-linked hacking groups.
TeamT5 also cited a June case where a group called Amoeba targeted a chemical company tied to the semiconductor supply chain, highlighting hackers' interest in peripheral industries as well.
